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Abstract — Wireless Sensor Networks consists of sensor nodes 
that are capable of sensing the information and maintaining 
security. In this paper, an Anonymity and Trust Management 
Scheme applied to Clustered Wireless Sensor Networks 
(ATMC) is proposed which enhances the security level. It also 
provides a stable path for communication. It is observed that 
the performance of the network is better than existing schemes 
through simulation. 

Index Terms — Anonymity, Cluster head, Trust value, subrange 
values, Wireless Sensor Networks 

I. Introduction 

Wireless Sensor Network (WSNs) consists of a large 
number of tiny sensor nodes that are equipped with sensing, 
processing and communicating components. WSNs 
applications include target tracking in battle field and 
environmental monitoring etc.. Sensor networks face many 
security challenges because of their inherent limitations in 
their energy, computation and communication capabilities. 
The deployment nature of sensor networks makes them more 
vulnerable to various attacks. Sensor networks are deployed 
in unattended and physically insecure environment, 
presenting the added risk of physical attack. Thus, providing 
security to WSNs becomes very important. 

Traditionally, cryptography and authentication approach 
are used to provide security. Conventional approach of 
providing security is not sufficient for autonomous network, 
so trust based approaches are used for providing security to 
the network. In order to evaluate the trustworthiness it is 
essential to establish the co-operation and trust between 
sensor nodes. Group-based Trust Management Scheme [1] 
uses Hybrid Trust Management and works on two topologies: 
intra-group topology and inter-group topology. 

Motivation : During processing of data, each node 
forwards the trust of its neighbors to cluster head upon 
request. When sink sends request to cluster head, it transmits 
neighboring clusters trust value to the sink. So, there is a 
possibility of adversary performing traffic analysis during 
the communication between sensor nodes. 

Hence, security level has to be enhanced by incorporating 
identity anonymity feature to the existing Group-based Trust 
Management Scheme. 

Contribution : In this paper, we have proposed an 
Anonymity based Trust Management algorithm to establish 
and maintain trust values between communicating sensor 
nodes. In identity anonymity, identity of the sensor nodes is 
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hidden from the compromised sensor nodes while calculating 
the trust values. The adversary cannot predict other 
subranges of the sensor node and hence enhances the 
security in WSNs. 

II. Literature Survey 

Riaz et al., [2] proposed Group-based Trust Management 
Scheme which calculates trust for group of sensor nodes in 
each cluster. It works on intra-group topology using 
distributed trust management approach and inter-group 
topology using centralized trust management approach. 

Garth et al., [3] have proposed distributed trust-based 
framework and a mechanism to select the trustworthy cluster 
head from each cluster. Each node has a watchdog mechanism 
that allows it to monitor network events of other nodes. Using 
the information obtained through monitoring, enables the 
nodes to compute and store trust levels. It uses direct and 
indirect information coming from trusted nodes. Trust is 
calculated based on the parameters such as average packet 
drop rate, data packet and control packet. Each node holds 
the trust value of all its neighboring nodes and sends trust 
levels to cluster head upon request. Since trust calculation is 
not based on second hand information, it reduces effect of 
bad-mouthing. Further, reputation-based trust framework for 
WSNs is proposed in [4], which prevents the election of 
compromised or malicious nodes as cluster heads, through 
trust based decision making. It describes the secure cluster 
formation algorithm to establish trusted clusters through pre- 
distributed keys. It employs Beta distribution function in 
modeling reputation between two nodes. Reputation and trust 
is built over time and allow continuation of trusted cluster 
heads election. 

Karthik et al., [5], compares various trust management 
Techniques for high trust values in WSNs. The trust values 
are maintained based on the various processes like trust 
establishment, trust propagation, trust metrics and Group 
Based Trust Management Schemes. Efthimia et al., [6] 
propose Certificate-based approach mechanism for 
deployment knowledge on the trust relationships within a 
network and Behavior-based trust model views trust as the 
level of positive cooperation between neighboring nodes in 
a network. 

Krasniewski et al., proposed TIBFIT protocol in [7], which 
determines event and location in the presence of failure of 
sensor nodes, coupled with diagnosis and isolation of faulty 
or malicious nodes. All nodes in the network are grouped 
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into clusters with rotating cluster heads. Each node is 
assigned a trust index at the cluster head, to indicate its track 
record in reporting past events correctly. 

Yu et al., presents a Trustworthiness-Based QoS Routing 
protocol in [8] for Wireless Ad-hoc Networks. It addresses 
different issues like secure route discovery, secure route 
setup and trustworthiness-based Quality of Service routing 
metrics and presents message exchange mechanism to detect 
internal attacks. The message redundancy is enforced by 
sending various copies of same message if the route 
redundancy does not exist. But there are several other issues 
not addressed like, the procedure for each node to implement 
and maintain local certificate repository, building of trust 
among a node and its neighbors. 

Yao et al., [9] propose a Parameterized and Localized Trust 
Management Scheme (PLUS) for sensor network. Since all 
the database parameters are to be maintained it requires 
storage devices. When the keys get compromised there is a 
possibility of detecting information by the adversary. This 
can be avoided by introducing anonymity scheme as in [10] 
[1 1] so that knowing the virtual information can be avoided. 
They propose Hashing band ID Randomization and Reverse 
Hashing ID Randomization and provide anonymity to the 
nodes. 

The efficiency of the WSNs can be improved by filtering 
the unnecessary messages at every hop as in [12] for heavy 
networks. They have not specified what happens if a node 
becomes malicious. There is a possibility of an adversary 
determining the base station and disrupting it. To overcome 
this problem in [13] [14] [15] [16] state that the anonymity of 
the base station has to be maintained by considering multiple 
sinks. Since mobile sinks are considered, there is a possibility 
of the hotspots of some particular sink and if the mobile sink 
is not within the coverage area then the security is less. 

III. System Model 

Consider a static Wireless Sensor Network consisting of 
a large number of small devices called sensor nodes. The 
number of nodes in a sensor network can be of 144 sensors 
with 600 x 600 nodes, 225 sensors with 800 x 800 nodes and 
324 sensors with 1000 x 1000 nodes. Each sensor node has its 
own ID. The network is divided into number of groups referred 
to as clusters as shown in Figure 1. Cluster Head (CH) is 
elected for each cluster, which has more power compared to 
other members of the cluster. Each sensor node can 
communicate with all its cluster members directly. Each cluster 
head communicates with neighboring cluster heads as well 
as with sink either through intermediate CH or directly. 

IV. Problem Definition 

Consider a given grid based WSNs, in which nodes are 
organized in the form of clusters. The trust values are 
computed and communicated from the nodes to sink through 
the cluster head. During this process, the adversary performs 
traffic analysis and alters the trust values. The objective of 
this work, is to avoid traffic analysis attack. 
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Figure 1. Deployment of Sensor Nodes in Grid Fashion 

Assumptions : 

(i) Initially all nodes will be in uncertain zone. 

(ii) Each node has enough memory to store range of dynamic 
IDs. 

(iii) Sensor nodes have to exchange their ID ranges within a 
short period, to avoid the nodes compromising with an 
adversary. 

(iv) Adversary cannot attack sink. 

V. Algorithm And Implementation 

In order to overcome the traffic analysis attack, anonymity 
of the nodes and trust values are maintained during 
transmission. Initially, N nodes are generated using random 
function and are arranged in a grid fashion. These nodes are 
divided into smaller groups called as clusters and they elect 
their leader called as Cluster Head as proposed in Selection 
of Cluster Head algorithm in Table 1 . 

These cluster heads communicate with the other cluster 
heads and the sink. An adversary can track the information 
being transmitted if it is able to trace the IDs of the sensor 
nodes. To overcome this problem, identity anonymity is 
created by dividing the dynamic ID pool into number of 
subranges of equal size. Each sensor node is given randomly 
chosen subranges that are overlapping and non-contiguous 
from ID pool as explained in Assigning Anonymity IDs 
algorithm in Table 2. Map table is created at each sensor 
node to map true ID of sensor node with dynamic sender and 
receiver ID. 

The trust of any node indicates its ability to provide the 
required service. Based on the trust value, the nodes can be 
categorized as trusted, uncertain or untrusted nodes. If the 
node is malicious it is categorized as untrusted or uncertain 
node. Trust value is calculated first at Node level, then at 
Cluster head level and finally at sink level based on number 
of successful and unsuccessful interaction between the nodes 
using sliding window [2] for every r iterations. Similarly, the 
trust values are computed at cluster heads. 
The trust values of the cluster members and cluster head is 
communicated to the sink. Finally, the sink allocates trust 
values to all the nodes in the network (Table 3). The nodes 
with values greater than 50 are trusted, while nodes with 
values less than 50 are untrusted and those with value ex- 
actly 50 are termed as uncertain. Next, verify if any past inter- 
action had taken place between the communicating nodes. If 
there is no past interaction experience then node will go for 
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Table I. Algorithm : Selection of Cluster Heads (SCH). 

Begin: Algorithm SCH 
Generate: N nodes using rnd function, 
for i=Q:Tr.N do 
for j=0:Tr.N do 
Assign the nodes in grid pattern. 
if(n(i).neigh(l, l))then 

Form Clusters of p nodes each, 
endif; 
endfor; 
endfor; 

for i=Tr.p:N do 
for j=Tr.p:N do 
for k=\:m 
if \n(k).x==i)&&(n(k).y==j) then 

Elect the Cluster Head 
endif; 
endfor; 
endfor; 
endfor; 
end; 



Table II. Algorithm : Assigning Anonymity IDs (AAI) 

Begin: Algorithm AAI 
for i=l:n</x number of nodes in cluster. 

Calculate the anonymity IDs. 
endfor; 
for k=l: nd\ 

for (=1 :length(n(k).neigh) 

Create map table-determine subrange IDs 
of sender and receiver, 
endfor; 
endfor; 
for i=Ti\p:N do 
for j=Ti\p:N do 
for k=\: nd 

if (n{k).x==i)&&(n(k).y==j) then 

Randomly assign subrange IDs from 
map table to sender and receiver, 
endif; 
endfor; 
endfor; 
endfor; 
end; 



peer recommendation evaluation. Here, the node takes rec- 
ommendation from trusted and uncertain nodes. So, mali- 
cious nodes cannot send false recommendation to trusted 
nodes. The sender and receiver in different cluster head re- 
ceive the trust value through the sink. Cluster heads and its 
trust values are changed after every r iterations (Table 4, 
ATMC Algorithm). 

VI. Simulation And Performance Evaluation 

The simulation is performed using MATLAB. Static sen- 
sor nodes organized in grid fashion are deployed in 1000m x 
1000m area and the distance between the node is 50m. Clus- 
ter size in each network is equal, which consists of o nodes. 
Each network comprises of one sink located at the middle of 

©2012ACEEE 
LX)I:01.IJNS.3.4.1092 



ACEEE Int. J. on Network Security , Vol. 03, No. 04, Oct 2012 

Table III. Algorithm : Calculation of Trust Values (CTV) 

Begin: Algorithm CTV 
k=fmd(n(i).sw(:, 14)==2); 
if ~ isempty(ir) 

for Z=l:length(/t); 

Calculate average trust values using 
n(i)./i=(SM/2)*length(/t)); 

endfor; 
else 

k=imd(n(i).sw(:, 14)==0); 
if ~ is empty(ir) 
for /=l:length(/t); 
Calculate average of l/2nd of all untrustful 
node using (n(i).g=[i-n(i).hy2_length(k)); 
endfor; 
endif; 
endif; 

for 7=1 :length(rc(;').sw(:, 1)) 

if (100-/! d" trust value d" 100) then 

node is trusted; so assign trust state, 
else 

node is uncertain or untrustful. 

Check if any past interaction occurred 
between node i and j, then node i takes 
peer recommendation about node j. 

endif; 
endfor; 
end; 



Table IV. Algorithm : Anonymity Trust Management Scheme for 
Clustered WSNs (ATMC) 

Begin: Algorithm ATMC 

input: global nd, N, M, h=k% ji, ki,a, r, u, h, hi, p, SM=0, 
d=0, w=0; 

initialize : trust value of each sensor node. 

Set r,=50, k=\, initial=0; 
begin 
for (a = 1 to r) 

Phase 1: Call Algorithm SCH; 
Phase 2: Call Algorithm AAI; 
for 7=1 :length(n(i) : sw(:, 1)) 
if j=~rd(i) then 

move the window using 

(100*S2)/(S+ U)*(S+l); 

endif; 
endfor; 

Aggregate the trust values from all its neighbors 
and store in matrix form. 

Phase 3: Call Algorithm CTV; 

hi=fmd(n(i).neigh(:, 2)==1); 
if (j=~hi cluster head row) then 

assign trust value to the nodes. 

else 

assign trust value to cluster head. 

endif; 
endfor; 
end; 

the terrain. Maximum trust value of the node is 100. Initially, 
all sensor nodes are in uncertain state, i.e., the trust value is 
50. Let the average size of the cluster be a and the number of 
nodes in the network be N. So the total size of the dynamic ID 
pool should be N*a. Each sensor has got equal number of 
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neighboring nodes of size a-1. Each sensor node randomly 
selects a-1 subranges from the ID pool and cluster head se- 
lects a subranges to communicate with its cluster members 
and as well as neighboring cluster heads. When node re- 
ceives any packet, its sender ID is compared with receiver ID 
in the Map table. Compute dynamic subrange IDs and con- 
sider only the integer values. The random assignment of IDs 
to the nodes is clearly illustrated in Table 5. 

Table V. Map Table: Dynamic ID range for node 1 



Neighbor 


Sender ID 


Receiver ID 


ID 


range 


range 


2 


26000-26025 


26026-26050 


3 


15500-15525 


15526-15550 


U 


1190-11925 


11 926-1 1050 


14 


■27000-27(H5 


2702S-27050 


13 


5S450-5S475 


5S476-5S500 


25 


31SOO-31S25 


31S26-31S50 


26 


21S50-21S75 


21 S 76-21950 


21 


23900-2392.5 


23926-23950 



For example: Let us consider the neighbor nodes 13 and 
14 in Table 5. The sender ID range is between 1 190-1 1925 and 
the receiver ID range is 11926-1 1950 for node 13. But node 14 
sender ID range is 27000-27025 and receiver LD range is 27026- 
27050. This shows that though the nodes have consecutive 
node numbers, still the subrange IDs are different. When a 
cluster head wants to communicate with its neighboring 
cluster, then it uses different ID compared to the ID it uses 
for communicating with its neighbors. 

The trust value is generated for each of the node 
separately. The trust value obtained for each cluster during 
simulation is tabulated in Table 6. For accuracy purpose the 
fractional value upto six points is considered. The trust value 
zero is assigned directly if the nodes have not been 
communicated for more than two sliding time window period 
instead of taking peer recommendations. 

Table VI. Trust Value for Each Cluster 



CN 


Trust Value 


1 


44S0S46941 


2 


4465 164315 


3 


4424 9S 1300 


4 


4372.324430 


5 


4067.457464 


6 


4353 610797 


"I 


4105.167300 


S 


4219.22997 S 


9 


4077.3S4S47 


10 


4427.S32076 



The probability of detection of node IDs by an adversary 
is based on the degree of anonymity as shown in Figure 2. It 
shows that the probability of detection of the node IDs by 
the adversary reduces substantially by increasing the degree 
of anonymity and is minimized completely after 0.94. 

If the nodes are not assigned with the anonymity IDs 
then there is a possibility of the adversary capturing the 
©2012 ACEEE 
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Figure 3. Communication Overhead Vs. Number of Clusters 

node IDs and attacking or misinterpreting or dropping the 
packets. The introduction of both anonymity and assign- 
ment of trust value to the nodes increase the trustworthiness 
of the nodes and avoid misinterpreting, dropping the pack- 
ets or traffic analysis. 

The communication overhead for varying number of 
clusters consisting of the same number of nodes within a 
cluster is shown in Figure 3. It shows that communication 
overhead gradually reduces with increase in the number of 
clusters in WSNs. It is observed that the curve flattens with 
the formation of more than 20 clusters in a given network. 
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Figure 4. Comparison of ACTM (ATMC) with GTMS for Commu- 
nication Overhead 
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The communication overhead is plotted for 100 simulation 
runs for 144, 225 and 324 nodes as shown in Figure 4. The 
graph shows that the communication overhead is less 
compared to GTMS. The communication overhead varies 
depending on size and number of nodes in the network. If the 
number of iterations is increased, communication overhead 
reduces because transfer of nodes changes the position of 
nodes. Still each node possesses past recommendation values 
in the trust table even if their positions are changed and does 
not calculate the trust values from beginning. This reduces 
the communication overhead exponentially. The anonymity 
IDs are calculated initially and are just assigned to the nodes 
for every /-iterations. With low communication overhead it is 
still able to provide enhanced security as it is using anonymity 
oflDs. 

Conclusions 

Security is an important issue in Wireless Sensor 
Networks. We propose an Anonymity and Trust Management 
Scheme (ATMC) algorithm to maintain security and avoid 
traffic analysis attack for WSNs. The proposed approach 
includes inclusion of anonymous IDs and assignment of trust 
values to each node. The concept of anonymity is introduced 
to hide the identity of the sensor nodes from the compromised 
nodes whereas anonymity of node IDs is not maintained in 
GTMS. The cluster head and its members are regularly 
reorganized randomly within the network and hence, the 
chance of early node failure is reduced. Thus, enhanced 
security, longer lifetime and reduced communication 
overhead are achieved in our algorithm. 
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